Don’t want to deal with GDPR? Block them all!

Blocking 500 million users is a serious thing. Still, I have found sites that implement the most secure way to comply with the new GDPR laws: block all European users! Yes, it’s hard to believe that anybody would make such a drastic decision, but it’s happening. Trying to walk in the shoes of these GDPR Taliban, I realized that just a few days ago I wrote about how to block all the traffic coming from one or more continents with Cloudflare Workers and the Apility API! In other words, I had just created the simplest and most powerful tool to be 100% GDPR compliant! No Europeans! No problem anymore!

So, if you are too lazy to take GDPR seriously, or you are forced to apply GDPR with 100% effectiveness, I will explain how to do it in a few minutes thanks to Cloudflare Workers and our API. In this example, we are going to implement an extra security layer in front of our website to block the most malicious and suspicious traffic ever: European traffic. Thanks to the quarantine capabilities of Apility.io, it is possible to block access to your site from a specific continent or from several countries.

This is what the example is going to do:

  1. Intercept all requests
  2. Extract the remote client IP address from the cf-connecting-ip header
  3. Perform an HTTP request to Apility API badip
  4. If the request returns an HTTP 200 OK, it means that the IP address of the client is in a blacklist. So, the client is redirected to an HTTP 403 FORBIDDEN error page.
  5. If the request returns an HTTP 404 NOT FOUND, it means that the IP address of the client is not inside any blacklist. So, the client can continue with the previous requests as usual.

Hence, when a request is made to the website where the Worker has a route configured, the Worker will figure out whether the IP address is malicious. If it is, the Worker branches to an error page; if the IP is clean, the request continues to the website.

Enable Cloudflare Workers

Workers is a paid feature, so developers have to enter their billing details first and then enable the Workers feature.

Once enabled, we have to open the Launch Editor, where developers can code and test the Workers.

The Editor is a Web Application where developers can code, test and preview the Workers. They can also configure the routes. A route is a URL to intercept. A Worker is like a man-in-the-middle: it sits between the browser of the remote clients and the origin server. Then, the route controls what resources at the origin server will be handled.

Coding the Worker

Now paste the code you can find in this gist into the Script window. Don’t forget to replace the APILITYIO_API_KEY with your API KEY in Apility.io!

Note: You can register for free and obtain your API KEY!

The code is very simple, but it’s worth having a look at the Cloudflare Workers documentation and the Service Workers API to understand how they work.
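A sketch of the five steps listed earlier, added here as an example; it is not the code from the gist. The endpoint URL and the X-Auth-Token header are assumptions to confirm against the Apility API documentation, and failing open when the lookup gives no clear answer is a design choice of this example.

```javascript
// Added example, not the gist's code. BADIP_URL and the X-Auth-Token header
// are assumptions; confirm both against the Apility API documentation.
const BADIP_URL = "https://api.apility.net/badip/";
const API_KEY = "APILITYIO_API_KEY"; // placeholder named on this page

// Steps 2-5: returns "block" or "allow" for one request.
// fetchImpl is injected (fetch in production) so the logic can run offline.
async function decide(request, fetchImpl) {
  // Cloudflare's edge sets this header, so inside a Worker it is the real peer.
  const ip = request.headers.get("cf-connecting-ip");
  if (!ip) return "allow"; // nothing to look up (e.g. editor preview)
  let res;
  try {
    // encodeURIComponent keeps IPv6 colons from altering the URL path.
    res = await fetchImpl(BADIP_URL + encodeURIComponent(ip), {
      headers: { "X-Auth-Token": API_KEY },
    });
  } catch (err) {
    return "allow"; // API unreachable: fail open so an outage does not block everyone
  }
  if (res.status === 200) return "block"; // listed in an enabled blacklist
  if (res.status === 404) return "allow"; // not listed in any blacklist
  return "allow"; // 401, 429, 5xx: no verdict, fail open (return "block" to fail closed)
}

// Step 1 plus the final branch: answer 403 or pass the request to the origin.
async function handleRequest(request, fetchImpl = fetch) {
  if ((await decide(request, fetchImpl)) === "block") {
    return new Response("Forbidden", { status: 403 });
  }
  return fetchImpl(request);
}

// Register the handler only when running inside the Workers runtime.
if (typeof addEventListener === "function") {
  addEventListener("fetch", (event) => {
    event.respondWith(handleRequest(event.request));
  });
}
```

Every non-200 outcome lets the request through here, so a revoked API key or an exhausted quota silently disables the block; log those statuses if the filter matters to you.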

To test this Worker, I have added this route to it: https://apidocs.apility.io. This subdomain redirects to our well-known API documentation pages.

Now open a browser and point it to https://apidocs.apility.io. It will automatically redirect to https://apility.io/apidocs where you can read our API documentation.

Blocking access by continent

It’s possible to implement advanced WAF-like features by fine-tuning the Apility.io features. Apility.io has more than 100 blacklists and some of them are more sensitive than others. A developer can disable the blacklists that are too broad and keep the ones that are closer to their interest. For example:

But we don’t want to check if the traffic comes from spammers, bots, anonymous users and so on. What we want to do is to block really dangerous traffic: EUROPEANS!!!

So open Blacklists in the menu at the right-hand side and deselect all the lists under the IP address tab except the list QUARANTINE-CONTINENT. This is the list that we will use.

Thanks to the quarantine features, a developer can ban a group of IP addresses, countries, service providers or a full continent like us.

And here is how to ban Europe. To do it, access the QUARANTINE option in the black menu at the left side of the screen. To add a continent in the Management Dashboard, go to Quarantine > Continents and enter Europe and its Time to Live in the form.

You just need to enter Europe and it’s done. If you want to ban the traffic from other places you can do it easily (you are starting to feel the power, aren’t you?). If you don’t want to ban all European countries but only the countries affected by the GDPR, you can use the QUARANTINE-COUNTRY blacklist instead. But it will probably take you more time to enter all the countries than to implement this Cloudflare Worker.

Now you can open https://apidocs.apility.io again. If you are in North America you will read our documentation, but if you are in Europe like me, your IP will be banned, as mine is.

The IP address belongs to a “dangerous” European provider, Telefónica Spain: https://apility.io/search/2.138.61.48

Please don’t take us seriously

This is an example of all the things you can do with Cloudflare Workers and our API. If you like it, please spread the word! But hey, don’t take us seriously. We just wanted to take the drama out of all the GDPR madness out there.